Image Handler 2 (for ZC v1.3.8 ONLY) Support

[DarkAngel]

Just installed this mod, and 1.) It does not obey the 'Hover on Hotzone Only' option, and 2.) does anyone know how I can set IH2 to ONLY work on the Additional Images? I do not want it to work on my product listing images.

I think it comes that way since it is supposed to work with all 3 sizes. not sure if removing any codes will damage the flow of how it works.

maybe someone with better code knowledge can or will come in and say something.

[ckosloff]

"Once you chown" yes another user can take ownership, just chown again buddy..

That's not the point.
User was asking if another process, like apache, could take ownership once you chown with appropriate perms.
The answer is no way.
Regarding your brilliant discovery that another user can chown again.
Yes, obvious, it has to be a live user with admin rights.
Way off the mark, buddy.
I'll give an F for server administration.

[litepockets]

Dude,

Read the post... I WAS the user asking for guidance on user/group ownership. I'll be the first to admit my server admin "grade" is under par, I just started managing my own server all of 2 weeks ago. You just gave incorrect advice, AFTER I had already discovered the problem on my own (read my post). That's just it though, I think you read the first 3 words of a post, then you jump on your pedestal and give irrelevant advice, or make some backhanded remark like a little child. Go back to bed kiddo, grumpy little boys need their naps.

[ckosloff]

For the benefit of users of IH2, let me clarify this once and for all.
THERE IS NO NEED TO CHOWN TO INSTALL IH2.
It is ridiculous to suggest this solution since all the folders under www, htdocs or whatever the Apache configuration uses, belong to the user.
If they don't, there is a server misconfiguration.
User has admitted that he has no experience configuring Apache, so there is nothing more to discuss.
This has nothing to do with installing IH2, so don't follow misleading "advice".
If you ever see that folders that should belong to you, are owned by somebody else, even "apache", complaints should be directed to the webhost, although I strongly doubt that a professional webhost would ever make such a gross mistake.
Permissions for images folders and bmz_cache should match and be writable. This has been clarified in the readme, in breakmyzencart.com and thousands of times in this thread.
End of the show.

[litepockets]

omg man, you've gotta be the most dense individual on the planet. I didn't recommend ANYONE do this for a default install. It was simply what worked in my case. AND YES, the changing the ownership of the folders and files was required in this instance. This is because SOMEHOW (not blaming this module you moron), these bmz_cache folder and images folder were being owned by apache, in the apace group. As far as the host goes, it's media temple, one of the most reputable and well known hosts out there.

Lastly, the problem likely doesn't occur on "most" installations of this mod (or any other for that matter) because if you are using a shared server, the server username that is being used has likely been added to the "apache" group, which creates added vulnerability, as this gives another opportunity to obtain root access for anyone trying to do so.

Since you can't/don't seem to read/comprehend anything I've said, I'm done with this. I never bashed or even complained about IH2, I simply said how dissatisfied I was with the way you act on this thread, the inaccurate advice and the way you treat some users requesting assistance. The way you've reacted to my posts just serves to prove my point. Have a terrific Friday, and again, go take a nappy-poo.

[Dayo]

Lastly, I have a feeling it has to do with permissions. I have noticed that files/directories that used to be fine at 755 (or even 644) are now fussy if they aren't 777, which I am not very comfortable with at all. I have moved to a ded. virtual server with mediatemple, and unfortunately don't have much experience with server admin. Old hosting was on a shared server that was managed for me :) So I'm not real sure what settings I have to change on server to allow the 755's and 644's to still have the proper behavior. So for now, I have changed the permissions on bmz_cache (and children), cache, and images folders all to 777.

Hi

Your old shared server was set up so that PHP runs under the web user name by either using Fastcgi or suPHP. This is a very secure setup and it prevents a compromised account on the server affecting other accounts.

Your new virtual server is set up with a default setup where PHP runs as the webserver user which would be something like "apache" "nobody" or "www-data" depending on the OS flavour.

Your choices are:

1. Since you are on a virtual server, you don't have to worry about other accounts and can just chmod the files/folders that need write access to 666/777.

2. Configure PHP to run Fastcgi or Mod_suPHP. You might need to hire a server admin to do this for you since you say you don't have much experience in with this. These do use a bit more resources but you will be more secure. If you use a control panel such as Plesk or Cpanel, you should be able to do this there. You can then set all files/folders to 644/755 (the config files will need to be 444 to avoid warnings about writable files). You will also need the chown all files/folders to your your ftp usename and group.

To be honest, Option 1 is probably good enough on a standalone server as anyone able to hack zencart on your domain for instance, would have the same level of access in both scenarios through PHP. 644 & 755 permissions would deter other scripting languages but most hackers do their damage in PHP and you could switch off perl and python on your domain in any case since you are most likely only running php there which would take care of those.

In summary, recursively chown everything to your user and leave them with the world readable permissions except if you are a bit paranoid in which case switch Fastcgi or suPHP on in your control panel.

[litepockets]

Dayo,

Wow. See, that's a great, polite, and informative answer. Thank you very much. I'm pretty sure I can handle all of the above myself, and I really appreciate you explaining the security level of all configurations you suggested.

[ckosloff]

This is the IH2 support thread, please take your server configuration discussions elsewhere.
Thanks.

[litepockets]

As soon as you take your attitude elsewhere.
Posted via Mobile Device

[Craig Robbo]

Hi

I've just installed Google Chrome and have noticed that it's not displaying my additional images.

I'm not sure if it's related to the problem i've been having here http://www.zen-cart.com/forum/showthread.php?p=837765

My site can be found at http://www.imagocollections.com.au

Any help much appreciated

Thanks

Craig